#!/bin/bash
# The following may be heavily borrowed from, if not
# copied from, the NSA's December 20, 2007 "Guide to the
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"
# Title - User Home Directories not writtable to  Group and World.

#Initialize variables
export PRECHECK="if [ -z $(find /home/* -maxdepth 0 -perm /g+w,o+r,o+w,o+x) ]; then echo No vulnerability found; fi"
export QUESTION="Would you like to make user home directories not writtable to group and world?"
export DESCRIPTION="User home directories contain many configuration files which affect the behavior of a user’s account. No user should ever have write permission to another user’s home directory. Group shared directories can be configured in subdirectories or elsewhere in the filesystem if they are needed. Typically, user home directories should not be world-readable. If a subset of users need read access to one another’s home directories, this can be provided using groups."
export SOLUTION="chmod g-w,o-rwx /home/*"